Been a busy new year for me, which is basically a continuation of how 2009 finished. Either being sick or extremely busy at work and family life. Personal projects and other testing took a back seat unfortunately.

Since I don’t have much of anything to write up, here’s part of SANS’ newsletter. One article, in my opinion, is worth reading. Skoudis’ comment is on the money. It’s too bad that the powers that be (management) probably never read this stuff…

–Zero-Day IE Flaw Used in Attacks on Google, Adobe and Others
(January 14, 2010)

Attackers exploited a zero-day vulnerability in Internet Explorer (IE) to launch attacks on Adobe, Google and about 30 other US companies. The flaw reportedly affects all versions of IE. Microsoft became aware of the vulnerability on January 13 and plans to issue an advisory on January 14. The memory corruption vulnerability allows attackers to inject malware onto users’ computers. So far, the flaw has been exploited only in targeted attacks. While there have been reports that the attackers also used maliciously crafted PDF files to launch their attacks against the companies, now it is believed that only the IE flaw was used in the attacks.

http://www.wired.com/threatlevel/2010/01/hack-of-adob
http://www.theregister.co.uk/2010/01/14/cyber_assault_followup/
http://www.computerworld.com/s/article/9144844/Hackers_used_IE_zero_day_not_PDF_in_China_Google_attacks?source=rss_security
Microsoft advisory: http://www.microsoft.com/technet/security/advisory/979267.mspx
Storm Center: http://isc.sans.org/diary.html?storyid=7993

[Editor’s Note (Skoudis): The news this week about Google, China, and advanced persistent threats illuminates an important change in security. The threatscape has been shifting from cyber crime to more insidious attacks over the past couple of years, but in a way that didn’t garner a lot of attention. Until now. I think it’s a good thing to see folks finally waking up to this issue, rather than pretending it doesn’t exist.
(Honan): This vulnerability when exploited uses the same user levels as the logged on user; maybe it is time to convince your management and users that they do not need local administrator access.]

On another note, Kioptrix will be taping its first podcast this evening. Must warn you, it’s in French… It’s going to be available for download soon. Bear in mind, this is our first crack at this.

As always, visit us at kioptrix.com and check out our media section and VM download section. A few things are in the works that we hope people will enjoy. Also pretty soon, I’ll be moving this blog post to its new home permanently.